An unencrypted laptop containing social security numbers and other personally identifiable information of over 10,000 current and former NASA employees and contractors was stolen from the car of an employee at NASA headquarters in Washington, D.C. on October 31, 2012, according to new report (PDF) from NASA’s Office of Inspector General. The loss, besides being a huge risk to those employees, has also cost the agency a not-insignificant amount of money, as the report details:
“Although the laptop was password protected, neither the laptop itself nor the individual files were encrypted. As a result of this loss, NASA contracted with a company to provide credit monitoring services to the affected individuals. NASA estimates that these services will cost between $500,000 and $700,000.”
This is hardly the first time NASA has had such valuable information physically stolen. The NASA OIG report notes that 62 agency laptops were stolen this year alone, and 45 in 2011, including one in March 2011 that contained control codes to the International Space Station.
In the new report released Monday, NASA’s OIG also adds that another laptop was stolen in November 2011. As a consequence of the October 31 theft, NASA accelerated a program to bolster security by requiring all laptops be encrypted by December 21, 2012.
However, the OIG report notes that the agency is likely not to meet that deadline, as NSA “owns or leases upwards of 60,000 desktop and laptop computers,” but only tracks the encryption status of 20,000 of them at present.
“Without knowing the full universe of laptops that require encryption, the Agency cannot be sure that all of its laptops are protected with whole-disk encryption software,” the report reads.